1. Field of the Invention
The present invention relates generally to network-based computer security and, more particularly, methods of and systems for authenticating a sender of electronic mail through a computer network.
2. Description of the Related Art
Security of computer networks is under constant attack by those who would cause damage or gain value improperly. Often, attacks are designed to gain information that is useful for further attacks. Some such attacks are designed to exploit a long-known weakness in computer security associated with the acronym PICNIC (Problem In Chair, Not In Computer). In other words, these attacks seek to fool human users, typically by masquerading as a trusted party. Such attacks are known by the term “phishing”, as in fishing for additional vulnerabilities.
A common phishing attack is to send an e-mail in which the sender information of the e-mail is spoofed to appear trustworthy to the recipient. For example, if the e-mail is to be sent to someone at the address, “jenny.smith@company.com”, the e-mail header can be manipulated to make the e-mail appear to come from someone who works at the same company as the recipient address, for example, “bob.jones@company.com”. Even worse, a successful phishing attack can provide the attacker with e-mail addresses of people known to one another to make subsequent e-mail messages appear to come from people personally known to each recipient.
The e-mail message itself often attempts to prompt the recipient to voluntarily, albeit unwittingly, grant access to the attacker. For example, the e-mail may contain an attachment that is a program, execution of which grants the attacker access to the recipient's computer. The program can be disguised. For example, the Windows® operating system of Microsoft Corporation of Redmond, Wash., uses a file type at the end of a file name to identify the nature of the file but hides the type from users. Accordingly, an attachment named “cutecat.jpg.exe” can identify a program (with the “.exe” type designation) that appears to be a simple, harmless image (with the “.jpg” ending visible to the user as an apparent type designation).
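The two deceptions described above, a spoofed From: header and an attachment whose executable extension hides behind a harmless-looking one, can both be checked mechanically before a message reaches a user. The following Python script is an added example written for this page; it is not part of the patent text and does not describe the patent's method. It parses a constructed sample message (the addresses, domains, attachment name and base64 content are invented for illustration), compares the domain in From: against the domain in Return-Path:, and classifies every attachment by its final extension, flagging the "cutecat.jpg.exe" pattern specifically.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message (not from the patent): the From: header claims a
# colleague at company.com, the Return-Path points at an unrelated domain, and
# the attachment carries a double extension that Windows would show as a .jpg.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
From: Bob Jones <bob.jones@company.com>
To: jenny.smith@company.com
Subject: pictures from the offsite
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Have a look at this one!
--XYZ
Content-Type: application/octet-stream; name="cutecat.jpg.exe"
Content-Disposition: attachment; filename="cutecat.jpg.exe"
Content-Transfer-Encoding: base64

AAAAAAAA
--XYZ--
"""

# Extensions Windows executes on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs", "msi", "hta"}
# Extensions a user reads as ordinary, harmless content.
BENIGN_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "txt"}


def domain_of(header_value):
    """Return the lowercase domain part of an address header, or '' if absent."""
    _, addr = parseaddr(str(header_value))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sender_domain_mismatch(msg):
    """Return (from_domain, return_path_domain) when the two differ, else None.

    A mismatch is a signal that the visible sender was not the envelope sender;
    it is not proof of spoofing, since mailing lists and bulk senders do this too.
    """
    from_domain = domain_of(msg.get("From", ""))
    rp_domain = domain_of(msg.get("Return-Path", ""))
    if from_domain and rp_domain and from_domain != rp_domain:
        return (from_domain, rp_domain)
    return None


def classify_attachment(filename):
    """Classify a filename by its real (last) extension.

    'disguised-executable': executable extension hidden behind a benign one,
                            e.g. cutecat.jpg.exe
    'executable':           plain executable extension, e.g. setup.exe
    'ok':                   anything else
    """
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return "ok"
    real_ext = parts[-1]
    if real_ext not in EXECUTABLE_EXTENSIONS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in BENIGN_EXTENSIONS:
        return "disguised-executable"
    return "executable"


def analyze_message(raw):
    """Parse a raw RFC 5322 message and return a list of finding strings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    mismatch = sender_domain_mismatch(msg)
    if mismatch:
        findings.append(
            f"sender-domain-mismatch: From={mismatch[0]} Return-Path={mismatch[1]}"
        )
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_attachment(name)
        if verdict != "ok":
            findings.append(f"{verdict}: {name}")
    return findings


if __name__ == "__main__":
    for finding in analyze_message(SAMPLE_MESSAGE):
        print(finding)
```

The header comparison is deliberately a heuristic: a From:/Return-Path mismatch is expected for mailing lists and many legitimate bulk senders, so in a real gateway it would feed into SPF, DKIM and DMARC evaluation rather than block on its own. The attachment check, by contrast, is a hard rule that a gateway can enforce directly, because there is no legitimate reason for a file to carry an executable extension behind an image or document extension.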
Educating users to be wary of such attacks can only prevent so many attacks. Even sophisticated users can make a mistake when sorting through numerous e-mail messages day after day. What is needed is a way to automatically identify and disarm inauthentic e-mail messages.